e2a456de0dc5fef82b65f77207be53eb76c4c1cf2c1a272b3e9ac007eae453a7

Analysis

max time kernel
127s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
04/04/2024, 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c23a497ccaa7c54b8b931b7378267199_JaffaCakes118.apk
Size

13.1MB
MD5

c23a497ccaa7c54b8b931b7378267199
SHA1

742d3f33952523a9df17101d5672e88600c443e1
SHA256

e2a456de0dc5fef82b65f77207be53eb76c4c1cf2c1a272b3e9ac007eae453a7
SHA512

e553438fc1cb7de63d5437e5d831b98aebf45863aa1d6785b7136bbf1334bb8debe910cf2d26711360422cb8d9206796fe6461a65e3ec714e125f79ea958dc58
SSDEEP

196608:RNrqHmP0J2YVFjmaRswuT9fvHK+HdpF2+kQQ+bwOcrjluw12BCH9mDLDZEDOkmQv:rqg0Jcp93I/QqOcriBrPaL1j

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	org.unionapp.hn

Queries information about running processes on the device. 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.hn
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.hn:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.rong.push

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.unionapp.hn

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	org.unionapp.hn

org.unionapp.hn
1⤵
- Checks CPU information
- Queries information about running processes on the device.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4186

org.unionapp.hn:ipc
1⤵
- Queries information about running processes on the device.
PID:4227

io.rong.push
1⤵
- Queries information about running processes on the device.
PID:4256

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.unionapp.hn/databases/.ua/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/org.unionapp.hn/databases/.ua/ua.db

Filesize
32KB

MD5
f6f4cd25587067b916b29efd306c3095

SHA1
418989d93e303761acccfe493230bc751a4ff69e

SHA256
a9a8a0284fb2b5b3ffc9cc412dc004434fff099927288b893cfc3dde39255c16

SHA512
a4b30bb57c69d18d743dcfac245d7c9b5b33dad1b417907c9bc1cbc275752ff2587057cddd57300c16d7c0557b7fe44a43ccdfb62986d2ca3597e9ed80bd0197

Download Submit
/data/data/org.unionapp.hn/databases/.ua/ua.db-journal

Filesize
512B

MD5
81f2801e22cfd060505b5677fcc3e25c

SHA1
523d22522c99a59a2604548be6c23919c5efa571

SHA256
3804dd7fbf88e63de4ecd432faca546aa9f6b65d2154016010f7a1c65770dbc8

SHA512
a0b9b4ea0056acc2935dad70c515e4224862c2ae3bb9af3fe255bc8c5f711c632284123d78c0b4f2ed92cb7480283d9fdbf115a6fb6bb2fc6e20b83beb89e369

Download Submit
/data/data/org.unionapp.hn/databases/.ua/ua.db-wal

Filesize
8KB

MD5
0029913fe4a94996c2c4894ebf5e020a

SHA1
b7f0d136b13910bea1cdf94b4d8dadbd75ef0a90

SHA256
8cdcfd1eea7e99ace8e1f1ec36a13ab318b2908b1f3b5351c305d50711cbc53e

SHA512
d1822633242598bdcc76f0a93139416cf1c0957a990232c652cab96de32fdf34b3bbd835a09fb33c35765a89b7475529a76df84e20a6d90b1e3f35f18963a04f

Download Submit
/data/data/org.unionapp.hn/databases/.ua/ua.db-wal

Filesize
56KB

MD5
807196c6b5d2e42dcf20da6f1ff9b728

SHA1
b62daaf1da7d07977a2ffa07ac94911fd2315b68

SHA256
a1bc2f33d82488526350098b6dee02bdb2443c350b18f907053f961cad46dd4f

SHA512
dbe30e022bd0fca9086742f32e2c55c3058590b33b6347d58c43ceb4dac9b1c95eebd0e65219cccfae0a8b86ec9cdf1a0f5ce8dfc385411c900aecac4a31f8be

Download Submit
/data/data/org.unionapp.hn/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/org.unionapp.hn/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/org.unionapp.hn/databases/cc/cc.db-journal

Filesize
512B

MD5
cdf4acd4752ca21c250032db0f29da1c

SHA1
98a630670fec4e3072d2a53a715ed4b4886e291a

SHA256
5f17dabcabf9e4c467f9e5314d6560a468c1391a92247e016124ed43b85dc9e2

SHA512
d84ffa13ccf58655e78eef10d80dea831428cd95630c4610e9c3a4f4e20f1ea74b25ab0aabdf0edc5dc8cd0d40d4914751b4e7a158b86b1e9ec9884279e1e021

Download Submit
/data/data/org.unionapp.hn/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/org.unionapp.hn/databases/cc/cc.db-wal

Filesize
16KB

MD5
7464bffc8653468d581c15596a5ce85c

SHA1
0d9f0e327be1d0b45e012cb3208f01e8883d930f

SHA256
caf1b23cc079721af13f80eed6ee1ae8cb33e2db0c593edbbc8d82c51d1cc2ce

SHA512
9aac884ac217a53570786a01c6260e31cdf15ea5a63ba727d4cef7931462a65bac9b4c46956a0e26aab0fa75e8c2407d1aed89ae56fec036b49e2005c884fa1c

Download Submit
/data/data/org.unionapp.hn/databases/cc/cc.db-wal

Filesize
48KB

MD5
49fd79e763a1aeb9cedde8be82ba357f

SHA1
9a1aea176af55c70b5f971df0f6e5a2fc25837da

SHA256
7604ed74441f2878f48965cdefe91275cf9d2dcb33fe9a7590e9c14e562a0bc7

SHA512
270810ae0586e690b2c214c8937cb24b033a4d531612571aefbdc4f04791d0edee367aef9dc037ccb0c2395ab708d645d08782a694d6295f69bd88cba883e1a3

Download Submit
/data/data/org.unionapp.hn/files/.um/um_cache_1712263385964.env

Filesize
1KB

MD5
1032b9017ff07b8178194c590a05903d

SHA1
c375b9186e6e6507fe3b7cbbbaec44d24f1caae7

SHA256
48f34b9c01a021d77c9f8072d095075e0373119c5764200e1a329fbc04e339a1

SHA512
cf8f05240d36132cb67d9e3ce68087907ea9868f712f1fa247bcbbfacb69e2360e96cd65339971ea5e188135fd4a21820ecba13482a94478778e44d00ac61eb6

Download Submit
/data/data/org.unionapp.hn/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
ee93e3feb69edc269ee086c582d980c4

SHA1
642103650a5c30ed7be2527f1d09f1de083319a5

SHA256
5097ba3e1cc26a45d981ff00abfbaff496a62feecfb12ed02f27cecafad736d3

SHA512
2d4930415484c802b5d949597b957d351d2d8ae76a5503aa5f8341190d5220e173a3b129149e7d13ae42d7e361faf0f5d36232bff88efa8ce9a4768699293653

Download Submit
/data/data/org.unionapp.hn/files/exid.dat

Filesize
57B

MD5
695f216a9730f9d61d5418f3724b1905

SHA1
e25e02675a22318861bd407ae9af5c1ecf663e2f

SHA256
2d2e19e4a9183d14542ddb9ea06239e88015542f1790df67e30e53ae95c60424

SHA512
2e07c0c87a4df27b82cebf3548496ca6b86c35a36aa3da6903901725d419808a93a938c4f7bafb16c5520ab9c22a6bb81fec71ac7cf479a41917f118ed9bdb74

Download Submit
/data/data/org.unionapp.hn/files/umeng_it.cache

Filesize
498B

MD5
9e2dd05e9632660c8bed67979eb6c151

SHA1
3e378626ba4c5b192893195207ab21a471d8707e

SHA256
8cc3ac265cfdbf912fb00fe5dd263110b8a3b25b4d4c2f2c399065a07f30206e

SHA512
a74c49ed1ab3393c30f2044f45256f0d0b4242390bbc4d302e15b5ca4b409c0b5f7951f76eba50c7c9b34c976d2575c2dc26d34800759cf5a2efe808c38018bf

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
9de10134dd0a8e5087bc414cda8c73ce

SHA1
9b8f3c48efab27c32a9f0114250df635b925613d

SHA256
bcab3e63deb5239e529a7f430928ff645816439c68e36cbb74519a33e03d9c97

SHA512
f2b6e92700d0a7a7b9f7448548949bbe308917f888e0189bf400f64819f7fd8c6269aa0db7e84da56af637b5153de668f312f81b7856ad53997b9f4e2bd45b9f

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
bd8b0470371ce0410bc446ed472d4580

SHA1
db8346395cd08bad42afbb2de0052991d1ef0966

SHA256
ee13f1c2af04ee3e23927b15bf976ec2d8277975c3d9a14135a955a91dd1c86e

SHA512
04dc212ab533d8f40b3fbabe39ec5ed56f503de6e65d67fab3ce9704a59a70a185f4355431f813d7db2a7217df19a11c8ab24144731b12143df6a1e2bcae01d6

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
72e82945575d8b66c852372e28a06673

SHA1
603419f2543d680a5b7d69f4bb1bb8b22c5c18d1

SHA256
c3d6e74cd1a5751d97ee2fde0993b6cdeb29f1222bdd5a18f5c3a8f992a4eee0

SHA512
b9b66fedd519468ebfd0c8322c15ec4363abbf2ed03ea2463db3b69c16fcbaf184dd27018246e705c1bc291caae3d7ca2b261c86634717b2654212bad536b86d

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
dd3de2af37a7b80b0f23b41e314733cc

SHA1
37c435846bac5d56feb960e977d3826088e6d219

SHA256
af1ba89b0e2f635cd3a85fb8db53b70ee296c1fd30e62cb437a19b28f8778ced

SHA512
a33989120fb8d8946f7bdce0fe5a6278b1468d4116a509dc67cc850dbb1e62bc88227fe41d7a1057ac02dceaefa7fa9a613dcf46f077647faae8e4d7ebd17d8c

Download Submit
/storage/emulated/0/org.unionapp.hn/cache/image/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit